TCP veto: A novel network attack and its Application to SCADA protocols

  title={TCP veto: A novel network attack and its Application to SCADA protocols},
  author={John T. Hagen and Barry E. Mullins},
  journal={2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT)},
  • John T. Hagen, B. Mullins
  • Published 2013
  • Engineering, Computer Science
  • 2013 IEEE PES Innovative Smart Grid Technologies Conference (ISGT)
TCP veto is a detection-resistant variation of the TCP connection hijacking attack. While not limited to SCADA protocols, Modbus TCP, the Ethernet Industrial Protocol (EtherNet/IP), and the Distributed Network Protocol (DNP3) each meet the necessary assumptions of the attack. Experimental results reveal that the integrity of messages transmitted using each of the three SCADA protocols is vulnerable to TCP veto. Additionally, TCP veto produces up to 600 times less network traffic during its…
Security Evaluation of the Adaptive Congestion Control Algorithms for Virtual Data Center Communication
Virtualization has been vastly implemented in many organizations, facilitating the installation of more than one operating system in one physical machine. This helps save on costs associated with the…
Detecting Network Attack Vectors On SCADA Specific Network Operating On Modbus TCP/IP Protocol
Much research is being carried out to detect and mitigate the effect of network attacks on SCADA specific networks, but one must also consider the significance of attacks done inside the secured periphery of the controlled systems, called “insider attacks”.
Security assessment framework for cyber physical systems: A case-study of DNP3 protocol
Industrial control system (ICS) is a critical component in realizing Cyber physical system (CPS). ICS designed with traditional SCADA platforms have a small percentage or no native security, since…
Security Implications of Transport Layer Protocols in Power Grid Synchrophasor Data Communication
This work examines the communication between synchrophasors and phasor data concentrators to analyze potential security vulnerabilities present at the transport layer, and investigates the advantages and disadvantages of both the TCP and UDP protocols, respectively, with an emphasis on security issues.
Performance impact of IPsec in resource-limited smart grid communication
  • B. Hirschler, T. Sauter
  • Computer Science
  • 2016 IEEE World Conference on Factory Communication Systems (WFCS)
  • 2016
The experimental results show that the influence of security features on the processing time of IPv6 packets is below one millisecond, which should be feasible for many smart grid applications, and a lean measurement setup is employed which can be used even on devices with limited processing power without influencing the measurement results too much.
An Intrusion Detection Method for Line Current Differential Relays
This paper unveils that such susceptibilities can result in unwarranted trip signals through false data injection attacks (FDIAs), and so cause instability if several attacks are coordinated, and presents a solution for detecting FDIAs and distinguishing them from real internal faults.
Development of a Cyber-Resilient Line Current Differential Relay
The impacts of false data injection attacks (FDIAs) on the performance of LCDRs are investigated and a technique for detecting FDIAs against LCDRs and differentiating them from actual faults in two-terminal lines is proposed.
An ensemble learning for anomaly identification in SCADA system
Ensemble learning methods are implemented to identify anomalies in SCADA traffic on an in-house developed industrial compliant test bench, and the results show the performance evaluation of the Decision tree and Random forest algorithms for anomaly detection.
If the authors want to prevent these advanced persistent threats from preying on the SCADA networks controlling their critical infrastructure, they need to devise a defense that does not rely on completely removing vulnerabilities.
In-network P4-based Low Latency Robot Arm Control
This work presents a strawman robot arm control application running inside a P4 switch capable of parsing robot arm position messages to timely craft a message within a TCP connection to send a stop command at very low latency scales.


A Simple Active Attack Against TCP
An active attack against the Transport Control Protocol is described which allows a cracker to redirect the TCP stream through his machine thereby permitting him to bypass the protection offered by such a system as a one-time password or ticketing authentication.
The Case for Ubiquitous Transport-Level Encryption
Tcpcrypt is a TCP extension designed to make end-to-end encryption of TCP traffic the default, not the exception, and provides backwards compatibility with legacy TCP stacks and middle-boxes, and minimizes the cost of key negotiation on servers.
Secure authentication for DNP3
  • G. Gilchrist
  • Computer Science
  • 2008 IEEE Power and Energy Society General Meeting - Conversion and Delivery of Electrical Energy in the 21st Century
  • 2008
This paper provides an overview of the secure authentication specification for DNP3. It summarizes the purpose and operation of the protocol and discusses the current state of the specification. Some…